Usually, when a politician calls out a tech giant and holds them accountable over privacy concerns, that’s celebrated. What’s better than having an elected official actually stand up for and look out for his electorate? Senator Richard Blumenthal is a special case though, which is why his going after Zoom isn’t going too well for him right now.
Senator Blumenthal is no stranger to controversy involving the internet. Back in 2017, he co-sponsored and helped craft the FOSTA bill that held online companies and websites accountable for “sex trafficking”, which is worded well enough to include independent sex work. Needless to say, FOSTA turned out to be a massive failure by every metric. It did indeed cause sex trafficking to proliferate because it ended up only targeting legitimate and consensual sex work.
It doesn’t stop there. When questioned about smaller internet companies that can’t afford to implement measures to abide by FOSTA, Blumenthal said “And I believe that those outliers — and they are outliers — will be successfully prosecuted, civilly and criminally under this law.”
Needless to say, that was an incredibly misinformed comment. The vast majority of websites are indeed small businesses. As is often the case, the most successful make up a very small percentage of the total number of players.
Now that Zoom is all over the news, Blumenthal decided to take the spotlight and be the hero by calling it out on Twitter:
Now before you start clapping and cheering, remember what I said about him being a special case. Responses to his tweet called out the hypocrisy and irony in his current position against Zoom, given the EARN IT Act he’s simultaneously trying to push.
The first response to his tweet was by the Associate Director of Surveillance & Cybersecurity at Stanford’s Center for Internet and Society, Riana Pfefferkorn:
In case you’re not familiar with the EARN IT Act, the EFF published a detailed blog post about it – titled “The EARN IT Act Violates the Constitution“. The blog post goes on to explain how this act “drastically undermines encryption” by forcing websites to break their own encryption and share data with law enforcement under the threat of legal action.
Just like the failed FOSTA bill, this new effort is also being pushed under the guise of preventing “online sexual exploitation of children.” If his history is anything to go by, this bill will similarly accomplish nothing in the way of its overtly expressed goal and instead only be used to crack down on law-abiding citizens and limit their freedoms.
At the end of the day, who can oppose a bill that protects children? Would someone please think of the children?!
But wait! There’s more!
Pfefferkorn wasn’t quite done with the senator yet. She twisted the knife in further with a follow-up tweet:
https://twitter.com/Riana_Crypto/status/1245432304953995265
Pfefferkorn shared a screenshot from a PDF document she linked to titled “Concerns & Responses” to the EARN IT Act. The screenshot is quite chilling:
“When a company has terms and conditions that enable it to privately search, there is no Fourth Amendment violation because users lose their reasonable expectation to privacy. […] The [Supreme] Court has, after all, suggested that individuals lack any reasonable expectation of privacy and so forfeit any Fourth Amendment protections in materials they choose to share with third parties.”
The irony is further compounded by Blumenthal’s second tweet, wherein he calls out the act of “Zoombombing”. That’s when someone uninvited, usually a troll, joins a call.
Yes. Silence the “silencers”.
More to the point, the only reason Zoombombing is possible is due to the lack of end-to-end encryption. In other words, if the Senator gets his way and EARN IT ends up going through, all online services will have to implement back doors in their security that the government (and anyone savvy enough to find them) can use.
It’s difficult to determine whether the Senator is sincerely oblivious and speaking about matters he does not understand, or if he’s intentionally misdirecting his supporters.
As for Zoom, they addressed Zoombombing in a March 20 blog post essentially serving as an FAQ article advising users on how they can prevent unauthorized access by using built-in features.
Their misleading usage of “end-to-end encryption” when they aren’t in fact deploying it hints at intentional manipulation on their part.
What’s perhaps even more troubling is that Zoom has a specific version aimed for government use, complete with a marketing page advertising its benefits to governments.
Perhaps that’s the version UK PM Boris Johnson was using when he accidentally broadcasted his meeting ID.